Synopsis: Important: ghostscript security and bug fix update Advisory ID: SLSA-2018:3834-1 Issue Date: 2018-12-17 CVE Numbers: CVE-2018-15911 CVE-2018-16541 CVE-2018-16802 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19134 -- Security Fix(es): * ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541) * ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802) * ghostscript: User-writable error exception table (CVE-2018-17183) * ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) (CVE-2018-17961) * ghostscript: Saved execution stacks can leak operator arrays (CVE-2018-18073) * ghostscript: 1Policy operator allows a sandbox protection bypass (CVE-2018-18284) * ghostscript: Type confusion in setpattern (700141) (CVE-2018-19134) * ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c (CVE-2018-19409) * ghostscript: Uninitialized memory access in the aesdecode operator (699665) (CVE-2018-15911) Bug Fix(es): * It has been found that ghostscript-9.07-31.el7_6.1 introduced regression during the handling of shading objects, causing a "Dropping incorrect smooth shading object" warning. With this update, the regression has been fixed and the described problem no longer occurs. -- SL7 x86_64 ghostscript-9.07-31.el7_6.6.i686.rpm ghostscript-9.07-31.el7_6.6.x86_64.rpm ghostscript-cups-9.07-31.el7_6.6.x86_64.rpm ghostscript-debuginfo-9.07-31.el7_6.6.i686.rpm ghostscript-debuginfo-9.07-31.el7_6.6.x86_64.rpm ghostscript-devel-9.07-31.el7_6.6.i686.rpm ghostscript-devel-9.07-31.el7_6.6.x86_64.rpm ghostscript-gtk-9.07-31.el7_6.6.x86_64.rpm ghostscript-9.07-31.el7_6.6.src.rpm noarch ghostscript-doc-9.07-31.el7_6.6.noarch.rpm - Scientific Linux Development Team